﻿<?php
define('ROOT', '../');
include_once (ROOT . 'includes/common.php');

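// A user who is already signed in has no use for the reset form: redirect to the dashboard.
// header() only queues the Location header, so the script must stop here; without exit
// the reset handlers below would still run for this request.
// NOTE(review): this file appears to start with a UTF-8 BOM before "<?php". If so, it is
// sent as output ahead of header() and the redirect only works with output buffering on.
if (iflogin(DBQZ, $userrow['cookie'])) {
	header("Location: main.php");
	exit;
}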
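// AJAX endpoint: request a password-reset e-mail.
// Responds with JSON {code, msg}: code 1 = mail sent, 2 = captcha rejected, 0 = any other failure.
// isset() returns a bool, so comparing its result to 'findpwd' matched any value of "from";
// compare the submitted value itself.
if(isset($_POST['from']) && $_POST['from'] === 'findpwd'){
	// Array-valued parameters (email[]=...) are treated as empty; everything below expects strings.
	$email		= defense(isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '');
	$verifycode	= defense(trim(isset($_POST['code']) && is_string($_POST['code']) ? $_POST['code'] : ''));

	// The variables below are not read in this block; presumably the mail template included
	// further down (mail.conf.php) consumes them — confirm before removing any.
	$ip		= real_ip();
	$date	= date("Y-m-d H:i:s");
	$scriptpath = str_replace('\\','/',$_SERVER['SCRIPT_NAME']);
	$sitepath	= substr($scriptpath,0,strrpos($scriptpath,'/'));
	// NOTE(review): $siteurl is derived from the client-supplied Host header. If the mail
	// template builds the reset link from it, the link's host follows whatever Host the
	// request carried. Prefer a base URL taken from server-side configuration.
	$siteurl	= ($_SERVER['SERVER_PORT']==443 ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].$sitepath.'/';

	// Captcha value issued for this session, normalised to a string ('' when none was issued).
	$expected = isset($_SESSION['helloweba_code']) ? (string)$_SESSION['helloweba_code'] : '';

	// The character class is spelled out as A-Za-z: the range A-z also covers the punctuation
	// between 'Z' and 'a' (including the backslash), which must not reach the SQL string below.
	// \z instead of $ so a trailing newline is not accepted.
	if(!preg_match('/^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+\.[A-Za-z0-9._-]+\z/', $email)){
		$arr = array(
			'code' => 0,
			'msg' => '邮箱格式不正确'
		);
	}else{
		// A captcha must have been issued for this session, and the comparison is strict:
		// an absent session value must never compare equal to the submitted code.
		$captcha_ok = $expected !== '' && (string)$verifycode === $expected;
		// Single use: once compared, the captcha is spent whatever the outcome, so one
		// solved image cannot back repeated guesses or repeated address look-ups.
		unset($_SESSION['helloweba_code']);

		if(!$captcha_ok){
			$arr = array(
				'code' => 2,
				'msg' => '验证码错误',
			);
		// $email is limited to [A-Za-z0-9._@-] by the check above, so it carries no quote or
		// escape characters into this string-built query. defense() is defined elsewhere;
		// a parameterised query would be preferable if $DB offers one.
		}elseif(!$row=$DB->get_row("SELECT * FROM ".DBQZ."_user WHERE mail='{$email}' limit 1")){
			// NOTE(review): this distinct message tells the caller whether an address is
			// registered. Consider returning the same response as the success branch.
			$arr = array(
				'code' => 0,
				'msg' => '此邮箱不存在',
			);
		}else{
			// NOTE(review): the reset token is keyed with DBQZ, which this file also uses as the
			// table-name prefix, and it carries only the user name and issue time. It is not
			// single-use and not bound to the current password. A dedicated secret and a
			// server-side one-time token record would be stronger.
			$code = base64_encode(authcode($row['user'].'||||'.time(),'ENCODE',DBQZ));
			include ROOT.'includes/mail.conf.php';
			if(send_mail($email,$mailconfig['findpwd']['sub'],$mailconfig['findpwd']['msg'])){
				$arr = array(
					'code' => 1,
					'msg' => '重置密码链接已经发送至'.$email.'！请到邮箱查看连接，重设密码！',
				);
			}else{
				$arr = array(
					'code' => 0,
					'msg' => '邮件发送失败，请联系站长！',
				);
			}
		}
	}
	// Label the body as JSON so it is never interpreted as HTML when opened directly.
	if(!headers_sent()){
		header('Content-Type: application/json; charset=utf-8');
	}
	echo json_encode($arr); die;
}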
?>
<!DOCTYPE html>
<html lang="en">
	<head>
		<meta charset="utf-8" />
		<title>找回密码 - <?=$conf['name']?></title>
		<link rel="icon" href="/favicon.ico" type="image/x-icon" />
		<meta name="description" content="" />
		<meta name="keywords" content="">
		<link rel="stylesheet" type="text/css" href="../layui/css/layui.css" />
		
		<style>
			body{
				margin: 0 auto;
				color: #2c3e50;
				/*
				text-align: center;
				*/
			}
			.container {
			  max-width: 480px;
			  padding: 50px;
			  margin: 0 auto;
			  text-align: center;
			}
		</style>
	</head>
<body style="background-image: url(../layui/images/background.png);">

	<div class="container">
<?php
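// Reset-link landing page: decodes the token from the e-mailed link and, when it is well-formed,
// less than an hour old and names an existing user, replaces that user's password with a
// temporary one and shows it.
// isset() returns a bool, so comparing its result to 'findpwd' matched any value of "from";
// compare the submitted value itself.
// NOTE(review): this changes state on a GET request and the token stays valid for its whole
// lifetime, so every visit to the link within the hour resets the password again (this includes
// automated link fetchers). Consider a confirmation POST and a one-time token.
if(isset($_GET['from']) && $_GET['from'] === 'findpwd'){
	echo '<div class="layui-col-md12"><div class="layui-card"><div class="layui-card-header">找回密码</div><div class="layui-card-body">';
	// A missing or array-valued "code" parameter is treated as an empty token.
	$raw		= isset($_GET['code']) && is_string($_GET['code']) ? $_GET['code'] : '';
	$code		= authcode(base64_decode($raw),'DECODE',DBQZ);
	$arr		= explode('||||',(string)$code);
	// A usable token has exactly two parts: a non-empty user name and an all-digit timestamp.
	// Anything else (failed decode, truncated value) is handled as an expired link rather than
	// falling through on undefined array offsets.
	$valid		= count($arr) === 2 && $arr[0] !== '' && preg_match('/^[0-9]+\z/', $arr[1]) === 1;
	$user		= $valid ? defense($arr[0]) : '';
	$timestamp	= $valid ? (int)$arr[1] : 0;
	if(!$valid || $timestamp + 3600 * 1 < time()){
		echo '<blockquote class="layui-elem-quote layui-quote-nm">此链接已失效！</blockquote>';
	// NOTE(review): $user is interpolated into the SQL string and relies entirely on defense(),
	// which is defined elsewhere; confirm it escapes for this context or use a parameterised query.
	}elseif(!$row=$DB->get_row("SELECT * FROM ".DBQZ."_user WHERE user='$user' limit 1")){
		echo '<blockquote class="layui-elem-quote layui-quote-nm">此用户不存在！</blockquote>';
	}else{
		// NOTE(review): getkm() is defined elsewhere; confirm it draws from a CSPRNG
		// (random_int/random_bytes), since its output becomes a live credential.
		$pwd = getkm(10);
		// NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
		// password_hash()/password_verify() also requires changing the login check, which is
		// outside this file, so the stored format is left as it is here.
		$md_pwd = md5($pwd);
		// uid is cast to int because it is placed in the query without quotes.
		$uid = (int)$row['uid'];
		$sql = $DB->query("UPDATE `". DBQZ ."_user` SET `pwd`='{$md_pwd}' where `uid`={$uid}");
		if($sql){
			// Escape the generated password for HTML; its alphabet is decided by getkm().
			echo '<blockquote class="layui-elem-quote">请使用临时密码登录到用户中心修改密码！<br>临时密码：<font color="red">'.htmlspecialchars($pwd, ENT_QUOTES, 'UTF-8').'</font></blockquote><a href="login.php" class="layui-btn layui-btn-fluid">返回登录</a>';
		}else{
			echo '<blockquote class="layui-elem-quote layui-quote-nm">创建临时密码失败，请联系站长！</blockquote>';
		}
	}
	echo '</div></div></div>'; die;
}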
?>
		<div class="layui-col-md12">
			<div class="layui-card">
				<div class="layui-card-header">找回密码</div>
				<div class="layui-card-body">
					<form class="layui-form layui-form-pane" action="">
						<div class="layui-form-item">
							<label class="layui-form-label">绑定的邮箱</label>
							<div class="layui-input-block">
								<input type="text" id="email" autocomplete="off" placeholder="请输入账户绑定的邮箱" class="layui-input">
							</div>
						</div>
						<div class="layui-form-item">
							<label class="layui-form-label">验证码</label>
							<div class="layui-input-block">
								<input type="text" id="code" autocomplete="off" placeholder="请输入验证码" class="layui-input" style="padding-right: 102px;">
								<img id="img_code" style="position: absolute;top: 0;right: 1px; cursor: pointer;" src="../includes/code/get.code.php" onclick="$(this).attr('src','../includes/code/get.code.php?' + Math.random());">
							</div>
						</div>
						<button type="button" class="layui-btn layui-btn-fluid" onclick="login()">找 回</button>
						<hr class="layui-bg-gray">
						<div class="" style="margin-left: 385px;">
							<a href="login.php" class="layui-btn layui-btn-primary layui-btn-xs">返回登录</a>
						</div>
					</form>
				</div>
			</div>
		</div>
		
	</div>
	
	<script src="../layui/layui.js"></script>
	<script src="../layui/layui.all.js"></script>
	<script src="https://cdn.bootcss.com/jquery/3.4.1/jquery.min.js"></script>
	<!--您的Layui代码start-->
	<script>
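		// NOTE(review): jQuery is loaded above from a third-party CDN without an integrity
		// attribute; self-hosting it or adding Subresource Integrity would pin what runs here.

		// Submit the form when Enter is released anywhere on the page.
		$(document).keyup(function(event){
			if(event.keyCode ==13){
				login();
			}
		});

		/**
		 * Validate the e-mail and captcha fields, then POST them to findpwd.php and show
		 * the server's JSON reply ({code, msg}) in a layer popup.
		 */
		function login(){
			var email  = $('#email').val();
			var code   = $('#code').val();
			if(email==''){
				layer.msg('请输入账户绑定的邮箱',{icon: 5});
			}else if(code==''){
				layer.msg('请输入验证码',{icon: 5});
			}else if(!email.match(/^([a-zA-Z0-9_-])+@([a-zA-Z0-9_-])+((\.[a-zA-Z0-9_-]{2,3}){1,2})$/)){
				layer.msg('邮箱格式错误',{icon: 5});
			}else{
				// Dim the page with a 60% black overlay while the request is in flight.
				var index = layer.load(1, {shade: [0.6,'#000']});
				$.ajax({
					type: "post",
					url:  "findpwd.php",
					// Pass an object so jQuery URL-encodes each value. Concatenating the raw
					// field values let characters such as '&' or '+' alter the request body.
					data: {from: 'findpwd', email: email, code: code},
					dataType: "json",
					success: function (res) {
						layer.close(index);
						// NOTE(review): layer appears to render its content as HTML; res.msg is
						// server-supplied and on success embeds the submitted address — confirm
						// the server only ever returns safe text here.
						if(res.code==1){
							layer.alert(res.msg,{icon: 6})
						}else if(res.code==0 || res.code == 2){
							layer.msg(res.msg,{icon: 5});
							// Load a fresh captcha after any rejected attempt so a retry
							// never reuses a code the server has already checked.
							$('#img_code').attr('src','../includes/code/get.code.php?' + Math.random());
						}
					},
					error: function (res) {
						layer.msg('请求失败',{icon: 5});
						layer.close(index);
					}
				});
			}
		}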
	</script>
</body>
</html>